Forum Hacked. Is DB ok?


AbvAvg
12-13-2010, 06:49 AM
Our vB forum (4.0.3) was hacked. We have somehow managed to start it again.
This was not a server side hacking, but only vB was hacked.

We were using default theme and there is no customisation. So a simple upgrade would take care of the files.

However, we are unsure about the sanctity of the database. Is there some way we can check this?

TIA.

Lynne
12-13-2010, 02:03 PM
Not really. I mean, you can look in the usual areas - template table, plugin table - for any base64 additions. But, there are just so many different ways to hack a site that it's very hard to know exactly what they did and/or write a list of all things to check for.

AbvAvg
12-15-2010, 04:02 PM
How do I look for base64 additions?
What other things do I need to check?

One thing is sure that it was not a server side hacking. So access to DB was limited to what vB provides.

TheLastSuperman
12-15-2010, 04:17 PM
> How do I look for base64 additions?
> What other things do I need to check?
>
> One thing is sure that it was not a server side hacking. So access to DB was limited to what vB provides.

You'll see actual snippets of "funky" code and by that I mean code that normally does not belong there...

eval(base64_decode("aWblahblahblah

Now that can be in the database where users would normally not see it and in other cases they modify your actual .php files and insert it there or within your templates.

Along with checking for similar types of code in all those areas, you'll want to check the timestamps of all files and folders on the server and look for shell scripts. Those are scripts they upload that will still allow access even after you patch the original way they gained access, and shells, depending on how they're coded, can allow them to do quite a few things, including but not limited to detecting what type of server you're on and recording all database credentials... I dealt with one recently that also allowed them to modify and upload files through its interface.

The main thing to be sure of is:

1. I've patched or removed how they initially gained access.
2. I've removed all malicious snippets of code.
3. I've removed any and all malicious files and shell scripts if any.

If you've never run backups before, now is a good time to get in that habit. Never be at a disadvantage because someone hacked your site; always be on top of your game as a forum administrator or owner by being well prepared and overly cautious imo ;).
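
One way to run the check described above, as an added example that is not part of any post in this thread: a small Python scanner that flags `eval(base64_decode(...))`-style code in a text dump of the template and plugin tables, or in .php files, and decodes any quoted base64 literal for review without executing it. It assumes the tables were exported one row per line (for example with mysqldump's `--skip-extended-insert`); the rule list, the function names and the sample rows are constructed for illustration.

```python
import base64
import re
import sys

# Quoted base64 literal; the optional backslash covers quotes escaped in a SQL dump.
LITERAL = re.compile(r"[\"']([A-Za-z0-9+/]{40,}={0,2})\\?[\"']")
# Assumed starter rules, strongest first; extend them for your own environment.
RULES = [
    ("eval-of-decoded-data", re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("base64_decode-call", re.compile(r"base64_decode\s*\(", re.I)),
    ("long-base64-literal", LITERAL),
]


def preview(blob, limit=60):
    """Decode a base64 literal for triage. The result is only displayed, never run."""
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4))
    except ValueError:
        return None
    return raw[:limit].decode("ascii", "replace")


def scan_text(source, text):
    """Return one finding per suspicious line: source, line, rule, decoded preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = next((name for name, rx in RULES if rx.search(line)), None)
        if rule:
            lit = LITERAL.search(line)
            findings.append({"source": source, "line": lineno, "rule": rule,
                             "decoded": preview(lit.group(1)) if lit else None})
    return findings


# Constructed sample rows (not from a real forum); the payload is a harmless string.
_PAYLOAD = base64.b64encode(b"echo 'constructed sample, not real malware';").decode()
SAMPLE_DUMP = r'''INSERT INTO `template` VALUES (1,'header','<div id=\"header\">Welcome</div>');
INSERT INTO `plugin` VALUES (7,'stats','eval(base64_decode(\"%s\"));');
INSERT INTO `plugin` VALUES (8,'avatar','$img = base64_decode($row[\'data\']);');
''' % _PAYLOAD

if __name__ == "__main__":
    # With no arguments scan the sample; otherwise scan each dump or .php file named.
    inputs = [(p, open(p, errors="replace").read()) for p in sys.argv[1:]]
    for src, body in inputs or [("sample", SAMPLE_DUMP)]:
        for finding in scan_text(src, body):
            print(finding)
```

A hit on the weaker rules is a lead to review by hand rather than proof of compromise, since legitimate code can also call `base64_decode`.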

AbvAvg
12-17-2010, 07:46 AM
I will upgrade the forum so that will replace all templates, etc.
Will then have to see thru the DB.

Thank you for your help and advice. :)